Research On Network Perceptual Feature Extraction And Its Application On Detecting Covert Timing Channels

Covert timing channel is a branch of information hiding technology.Covert timing channel uses the system resources that are not designed to transmit information as the carrier of secret information,such as the packet sending time,which makes it difficult to be identified by traditional network security mechanisms,such as firewall,intrusion detection system,etc.Because of its strong concealment,its detection has become an important research topic.The existing detection methods has some limitations.Some methods detect specific types of channels.Some methods can not effectively detect it when data length is short and lack of robustness to network interference.Finally,the current detection schemes focus on distinguishing the covert channel from the normal channel,instead of studying multiple classifications.In view of the above situation,this paper studies the network traffic feature extraction scheme based on perceptual hash theory and its application in network covert timing channel detection.The main work and achievements are as followsFirstly,based on perceptual hash theory,the framework of covert timing channel detection is established,and two important characteristics of perceptual hash detection framework are defined: perceptual robustness and perceptual discrimination.In the perceptual feature extraction,a variety of statistical characteristics are analyzed.A multi classification algorithm based on hash matching is designed to classify multiple channels.The simulation results show that the covert timing detection scheme based on network traffic hash feature extraction is reliable.Secondly,an improved permutation entropy based perceptual feature extraction scheme is proposed,which measures channel traffic from the perspective of time series complexity.The original permutation entropy does not consider the amplitude change information of time series in measuring the complexity of time series.According to the interval distribution characteristics of hidden traffic,this scheme proposes a weight selection strategy to improve it.Through the modeling of network interference,the detection performance of the scheme under the change of network interference is verified.Simulation results show that the method improves the robustness to network interference to a certain extent.Thirdly,a feature extraction scheme combining fractal theory and sequence segmentation representation is proposed.In this scheme,the channel traffic is represented by segments,and the time periods of different fluctuations are divided.Combined with the characteristics of non-stationary network traffic,the fractal characteristics of the sequence in segments are extracted by rescaled range analysis method.Based on this scheme,a hash mapping method is designed.The experimental results show that the scheme has a high classification rate under ideal conditions,and can also maintain a good detection rate under different sample size.In this paper,perceptual hash theory is introduced into the detection of covert timing channel,and discusses the application of perceptual hash theory in the detection of covert timing channel from three aspects: perceptual feature extraction,perceptual hash matching and perceptual hash analysis.In this paper,a series of experimental results verify that the detection scheme proposed in the perceptual hash theory preliminarily realizes the multi classification of channels,and improves the detection rate in the case of network interference and small sample data.At the end of the paper,it summarizes the whole paper,and puts forward the prospect of the problems worthy of further study in the future.